stored_user_password not being deleted after verification
-
Hello,
In working with your plugin I came across a non-fatal issue.
In the rpr_login_form_verifyemail function in the rpr-login.php file you have this condition:
if ( empty( $user_password ) ) {
You should probably add an “else” case with the following:
delete_user_meta( $user_id, ‘stored_user_password’ );
Otherwise the stored_user_password is left in the usermeta table.
You may want to consider encrypting the value with a 2-way encryption routine just so a password isn’t in there as plain text.
I also noticed, in the same function, that you are outputting text with sprintf with the %s being set to $user_login. However, you haven’t set this variable anywhere in the function. Though I know you know this, the following should do the trick:
$userinfo = get_userdata($user_id);
$user_login = $userinfo->user_login;Or using first + last… if available…
Thanks for a great plugin. I did end up pulling out the rpr_login_form_verifyemail function as my client wants all login related activity handled from within a custom page template and not through wp-login.php.
Jeff
- The topic ‘stored_user_password not being deleted after verification’ is closed to new replies.